Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, April 14, 2010
Present Pam Buchanan, Steve Christison, Craig Fowler, Lisa Gaetano,
Larry Hammer, Debbie Justice, Scott Koger, Mary Ann Lochner,
Mike Stewart, Scott Swartzentruber, and Kay Turpin
Absent Zeta Smith
Guest Shandon Bates
Recorder Jenny Owen
Handouts  Draft of Policy 95
Approval of Minutes
 Craig Fowler made a motion to approve the minutes from the Data
Security and Stewardship Committee (DSSC) meetings that were held on
Thursday, March 4 and Wednesday, March 17. There was no opposition,
and the motion carried unanimously.
Action Item –
Hard Drive Images &
Litigation Holds
 Lisa Gaetano will work with Scott Koger and Shandon Bates to draft a
process for imaging hard drives that are involved in litigation holds
related to HR and/or law enforcement.
Action Items Policy 95
 DSSC members agreed that Policy 95’s confidentiality agreement should
only be signed once; however, security awareness training should be
done annually.
 Before Policy 95’s confidentiality forms are implemented, Kathy Wong
asked that she be given “a heads up” so Human Resources can prepare to
receive and file the signed hard copies of the forms in employees’
personnel files.
 Mary Ann Lochner said she will find the draft compliance matrix that
she and Chris Dahlquist created several years ago. She will send it to
DSSC members for review. Lochner explained the matrix will need to
be updated; for example, general security awareness training should be
added to the matrix.
 Modifications for Policy 95:
o In Data Network Security, section 2, replace “service” with
“device.”
o In Access Control Security Procedures, section 6, replace
“Human Resources” with “IT.”
o In Access Control Security Procedures, sections 6 and 7, state
that access request forms should be sent to the CIO.
o The Chancellor’s Office will be responsible for notifying IT
about termination of access for Chancellors emeriti and the
Provost’s Office will be responsible for notifying IT about
termination of access for professors emeriti.
 Fowler suggested that as part of Policy 95’s process documentation, an
annual report of Chancellors emeriti activity be given to the Chancellor
and an annual report of professors emeriti activity be given to the
Provost so they can review these reports to see if there is any action they
want taken.
 Debbie Justice agreed to modify Policy 95 based on the discussion at this
meeting. She will also draft a procedure/process document for Policy 95.
Action Items –
MCD Policy
 Koger will do some test scenarios on devices to see what will and won’t
work.
 Jenny Owen will schedule a meeting with Fowler, Koger and
Jeff Bewsey to begin discussing implementation steps.
 A pilot needs to be done before Fowler brings the MCD Policy to
Executive Council for approval to implement. Fowler explained that
Executive Council members will want to know details about how the
policy will be implemented.